Consensys Diligence's Goncalo Sa on Blockchain Security and Ethical Hacking

Jul 25, 2022

“Software vulnerabilities exist in the fringe,” said Web3 hacker and Consensys Diligence co-founder Goncalo Sa. He was speaking to Orchid’s Derek Silva on this week’s episode of the Priv8 Podcast about the current state of blockchain security and the critical role that ethical hacking plays in it.

“This ‘fringe’ where vulnerabilities exist lies somewhere between specification and implementation. There's a gap between these two things. Vulnerabilities tend to show up here because this is the place where someone will think that a certain component is supposed to do X, but in reality, the implementation of that component fails by a small margin.”

Goncalo said that for this reason, these gaps are where he searches for potential vulnerabilities when he’s conducting software audits. “So when we begin looking for vulnerabilities, we start the process by mentally mapping everything in the codebase. To aid in this process, we create and use tools that help with this visualization.”

And beyond visualization tools, Goncalo said that his team also relies on tools that help to quickly classify different types of hacks and exploits. “Whenever there’s a hack, these tools help us to identify the class of attack. But right now, these tools are too opinionated. They only care about code-related bugs, and not, for example, about business logic bugs.”

Goncalo said that there is still more development that needs to happen for cybersecurity tools in Web3. “The security tooling infrastructure is still growing in the Web3 space. But at the same time, security is not about having the fanciest tools – it’s about making it easy for developers to implement the tools they have at hand. Because if they’re not easy to use, people are not going to use them, and systems are still going to be insecure.

“It’s so important to make it simple for developers to use these tools in all parts of the development lifecycle. This will hopefully make end-products a little bit safer. And we’re getting there.”

Check out the entire conversation with Goncalo. And don't forget to subscribe to Priv8 on your favorite streaming service.
